| 60a715a0dd79873d2d2607eab8fdfaf0ffd2e7d3 |
|
09-Feb-2018 |
Hristo Venev <hristo@venev.name> |
providers: Move hostid from ipa to sdap, v2
In the ldap provider, all option names are renamed to ldap_host_*. In
the ipa provider the names haven't been changed.
Host lookups for both ipa and ldap are handled in the ldap provider.
sss_ssh_knownhostsproxy works but hostgroups are still only available
in the ipa provider.
I've also added some documentation for the ldap provider.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
| f34a8330c1615511795847b0a1454249d782db2a |
|
19-Oct-2017 |
Alexey Kamenskiy <alexey.kamenskiy@chinanetcloud.com> |
LDAP: Add support for rhost access control
This patch implements verification of pam_rhost against
rules stored in LDAP entry of a user.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
| d6342c92c226becbdd254f90a0005b8c00c300dc |
|
17-Aug-2016 |
Petr Cech <pcech@redhat.com> |
AD_PROVIDER: Add ad_enabled_domains option
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
| 83a796ec8de4bde65b11cc8032675406950641fa |
|
29-Jul-2016 |
Sumit Bose <sbose@redhat.com> |
LDAP: new attribute option ldap_user_email
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
| ffe2522a208cddd415d7c3498dcc73ffda863b6f |
|
09-Jun-2016 |
Sumit Bose <sbose@redhat.com> |
AD: read user certificate if available
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
| 3cf7fdfcaedb986f42a6640e26aa057007b64045 |
|
24-Feb-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
Add a new option ldap_group_external_member
Required for:
https://fedorahosted.org/sssd/ticket/2522
Reviewed-by: Sumit Bose <sbose@redhat.com> |
| 8babbeee01e67893af4828ddfc922ecac0be4197 |
|
20-Jan-2016 |
Pavel Reichl <preichl@redhat.com> |
IDMAP: Add support for automatic adding of ranges
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com> |
| 5f7cd30c865046a7ea69944f7e07c85b4c43465a |
|
19-Jan-2016 |
Sumit Bose <sbose@redhat.com> |
AD: add task to renew the machine account password if needed
AD expects its clients to renew the machine account password on a
regular basis, be default every 30 days. Even if a client does not renew
the password it might not cause issues because AD does not enforce the
renewal. But the password age might be used to identify unused machine
accounts in large environments which might get disabled or deleted
automatically.
With this patch SSSD calls an external program to check the age of the
machine account password and renew it if needed. Currently 'adcli' is
used as external program which is able to renew the password since
version 0.8.0.
Resolves https://fedorahosted.org/sssd/ticket/1041
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
| 9e6f8d1c66b4b3543bab67d807bd26f1d6256c75 |
|
14-Dec-2015 |
Pavel Březina <pbrezina@redhat.com> |
AD: Mark globals in ad_opts.h as extern
To avoid collisions when we want to work with them elsewhere in the code.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |